# Can I be Rooted? v0.1
# Quick perl script to check for localroots
print " Can I be rooted - v0.1 \n";
print " - Insecurety Research -\n";
print "  http://insecurety.net \n\n";
my $khost = `uname -r`;
my $currentid = `whoami`;
chomp($khost);

	my %h;
	$h{'w00t'} = { 
		vuln=>['2.4.18','2.4.10','2.4.21','2.4.19','2.4.17','2.4.16','2.4.20'] 
	};
	
	$h{'brk'} = {
		vuln=>['2.4.22','2.4.21','2.4.10','2.4.20'] 
	};
	
	$h{'ave'} = {
		vuln=>['2.4.19','2.4.20'] 
	};
	
	$h{'elflbl'} = {
		vuln=>['2.4.29'] 
	};
	
	$h{'elfdump'} = {
		vuln=>['2.4.27']
	};
	
	$h{'expand_stack'} = {
		vuln=>['2.4.29'] 
	};
	
	$h{'h00lyshit'} = {
		vuln=>['2.6.8','2.6.10','2.6.11','2.6.9','2.6.7','2.6.13','2.6.14','2.6.15','2.6.16','2.6.2']
	};
	
	$h{'kdump'} = {
		vuln=>['2.6.13'] 
	};
	
	$h{'km2'} = {
		vuln=>['2.4.18','2.4.22']
	};
	
	$h{'krad'} = {
		vuln=>['2.6.11']
	};
	
	$h{'krad3'} = {
		vuln=>['2.6.11','2.6.9']
	};
	
	$h{'local26'} = {
		vuln=>['2.6.13']
	};
	
	$h{'loko'} = {
		vuln=>['2.4.22','2.4.23','2.4.24'] 
	};
	
	$h{'mremap_pte'} = {
		vuln=>['2.4.20','2.2.25','2.4.24'] 
	};
	
	$h{'newlocal'} = {
		vuln=>['2.4.17','2.4.19','2.4.18'] 
	};
	
	$h{'ong_bak'} = {
		vuln=>['2.4.','2.6.'] 
	};
	
	$h{'ptrace'} = {
		vuln=>['2.2.','2.4.22'] 
	};
	
	$h{'ptrace_kmod'} = {
		vuln=>['2.4.2'] 
	};
	
	$h{'ptrace24'} = {
		vuln=>['2.4.9'] 
	};
	
	$h{'pwned'} = {
		vuln=>['2.4.','2.6.'] 
	};
	
	$h{'py2'} = {
		vuln=>['2.6.9','2.6.17','2.6.15','2.6.13'] 
	};
	
	$h{'raptor_prctl'} = {
		vuln=>['2.6.13','2.6.17','2.6.16','2.6.13'] 
	};
	
	$h{'prctl3'} = {
		vuln=>['2.6.13','2.6.17','2.6.9'] 
	};
	
	$h{'remap'} = {
		vuln=>['2.4.'] 
	};
	
	$h{'rip'} = {
		vuln=>['2.2.'] 
	};
	
	$h{'stackgrow2'} = {
		vuln=>['2.4.29','2.6.10'] 
	};
	
	$h{'uselib24'} = {
		vuln=>['2.4.29','2.6.10','2.4.22','2.4.25'] 
	};
	
	$h{'newsmp'} = {
		vuln=>['2.6.'] 
	};
	
	$h{'smpracer'} = {
		vuln=>['2.4.29'] 
	};
	
	$h{'loginx'} = {
		vuln=>['2.4.22'] 
	};
	
	$h{'exp.sh'} = {
		vuln=>['2.6.9','2.6.10','2.6.16','2.6.13'] 
	};
	
	$h{'prctl'} = {
		vuln=>['2.6.'] 
	};
	
	$h{'kmdx'} = {
		vuln=>['2.6.','2.4.'] 
	};
	
	$h{'raptor'} = {
		vuln=>['2.6.13','2.6.14','2.6.15','2.6.16'] 
	};
	
	$h{'raptor2'} = {
		vuln=>['2.6.13','2.6.14','2.6.15','2.6.16'] 
	};
	

print "[*] Current user is: ".$currentid;
print "[*]Kernel version is: ".$khost." \n";
print "[+] Checking against vuln list...\n";
foreach my $key(keys %h){
foreach my $kernel ( @{ $h{$key}{'vuln'} } ){ 
	if($khost=~/^$kernel/){
	chop($kernel) if ($kernel=~/.$/);
	print "[*] Possible Local Root Exploit: ". $key ." \n";
		}
	}
}
